kutaki | HDFC_Copy[.]zip | Triage

Sharing

General

Target

HDFC_Copy.zip
Size

2.1MB
MD5

d815f131ec754c4e872358a0fc8f175a
SHA1

3d8298dda7cee2d318926cdce1f153bb704c26e4
SHA256

8077016cb0e6290e1132887f46763062fead26b3b8ad1ae845511d0e65670181
SHA512

e27db2e829597af7b3d9786e754902b98b0914ee8c93cbe3709a781ffe8410d22e1b5ebddbadca1581c3edacc3f36bb130f5cfb8041cdd88fa110441212c4df4
SSDEEP

49152:TxWDH+p96uNE4CAxWNb/NWUFouXoIjjac3mb/+m8VG:FAH+aSxWNbl3o2V3mb/+m8c

Score

10^/10

kutaki

Malware Config

Extracted

Family

kutaki

C2

http://treysbeatend.com/laptop/squared.php

http://terebinnahicc.club/sec/kool.txt

Signatures

Kutaki family
kutaki

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/HDFC_Copy.bat

Files

HDFC_Copy.zip
.zip
HDFC_Copy.bat
.exe windows x86

6f118d6a4f3aa7a4073eb11679e3ad87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
ord696
ord698
MethCallEngine
ord516
ord518
ord626
ord519
ord667
ord591
ord593
ord594
ord595
ord596
ord304
ord598
ord520
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
ord563
ord670
ord564
EVENT_SINK_Release
ord600
ord601
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord711
ord712
ord713
ord714
ord607
ord608
ord716
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord573
ord681
ord576
ord685
ord100
ord689
ord616
ord617
ord618
ord619
ord581

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ